On Thu, 04 Jul 2024, Mike Snitzer wrote: > On Thu, Jul 04, 2024 at 08:24:44AM +1000, NeilBrown wrote: > > > 2/ The localio access should use exactly the same auth_domain as the > > network access uses. This ensure the credentials implied by > > rootsquash and allsquash are used correctly. I think the current > > code has the client guessing what IP address the server will see and > > finding an auth_domain based on that. I'm not comfortable with that. > > nfsd_local_fakerqst_create() isn't guessing. rpc_peeraddr() returns the > IP address of the server because the rpc_clnt is the same as > established for traditional network access. I think it is guessing in exactly they same way that your previous internal code tried to use IP addresses to guess whether the server was on the same host or not. Whatever reasons you had for thinking that was fragile and needed to be replaced - apply those reasons to the mechanism for choosing an 'auth_domain' (which is what the IP address is used for). I am confident that we need to choose the auth_domain when the client is making a LOCALIO RPC request to the server, and to use that auth_domain for subsequent interactions with that client (and possibly a different auth_domain for a different client). > > It's now 4th of July for me, so I'm with Jeff: I need a drink! ;) > Hope you enjoyed your drink! NeilBrown
